US11809541B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11809541-B2 |
| Application number | US-202117481910-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 22, 2021 |
| Priority date | Sep 24, 2020 |
| Publication date | Nov 7, 2023 |
| Grant date | Nov 7, 2023 |
Official abstract text for this publication.
Disclosed is a method for obtaining emergency device access for field devices in process automation technology by means of a security token. The method includes the field device receiving and storing a public key before an emergency occurs; connecting the security token to the field device; sending a challenge from the field device to the security token; calculating a response to the challenge by means of a private key on the security token and sending the response from the security token to the field device; and granting emergency access if the response is correct.
Opening claim text (preview).
The invention claimed is:

1. A method for obtaining emergency device access for a field device in process automation technology via a security token, wherein the security token includes an encrypted memory area that is not readable from outside the encrypted memory area, wherein a private key is stored in the encrypted memory area, and wherein the private key and a public key form an asymmetric cryptosystem, the method comprising: (a) the field device receiving the public key if the public key is not yet on the field device, wherein one or more authorizations of an owner of the private key having access to the field device are linked to the public key; (b) storing the public key on the field device, wherein steps (a) and (b) are performed before an emergency occurs; (c) connecting the security token to the field device; (d) sending a challenge from the field device to the security token; (e) calculating a response to the challenge using the private key and sending the response from the security token to the field device; and (f) granting emergency access when the response is correct, wherein steps (c) through (f) are performed in the event of an emergency, and wherein the security token is protected against unauthorized use, but the protection can be overcome in an emergency.
2. The method according to claim 1, wherein the security token is a hardware token.
3. The method according to claim 2, wherein the hardware token is a FIDO2 stick.
4. The method according to claim 1, wherein the security token is a wireless smart device.
5. The method according to claim 1, wherein the public key is received in step (a) from the security token to the field device via WLAN, Bluetooth, NFC, USB, field bus, Ethernet, SD card, or a proprietary service interface.
6. The method according to claim 1, wherein the connection in step (c) from the security token to the field device takes place via WLAN, Bluetooth, NFC, USB, a proprietary service interface, or a sensor interface.
7. The method according to claim 1, wherein the asymmetric cryptosystem is designed as an RSA cryptosystem or elliptical curve cryptosystem.
8. The method according to claim 1, wherein only exactly one field device trusts the public key.
9. The method according to claim 1, wherein the challenge is random.
10. The method according to claim 1, wherein the protection can be irreversibly overcome in an emergency; the protection is destroyed; at least the use of the token is obvious.
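The two phases of claim 1, provisioning (steps (a) and (b)) and the emergency challenge-response (steps (c) to (f)), written out as an added example. This is illustration code, not text from the patent and not any applicant's implementation. Ed25519 stands in for the RSA or elliptic-curve system of claim 7; the device IDs, the authorization names, the domain-separated challenge encoding that binds a response to one device (an assumption layered on claim 8) and the single-use handling of the challenge are all assumptions for illustration. How the token's own protection is overcome in an emergency (claim 10) is outside the exchange and is not modelled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Authorization is what the field device links to a provisioned public key (claim 1, step (a)).
type Authorization string

const (
	AuthReadOnly    Authorization = "read-only"   // assumed name
	AuthMaintenance Authorization = "maintenance" // assumed name
)

// Token models the security token (FIDO2 stick or smart device): the private key is
// generated inside it and is only ever used to answer challenges.
type Token struct{ priv ed25519.PrivateKey }

func NewToken() (*Token, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Token{priv: priv}, nil
}

// PublicKey is the only thing exported to the field device during provisioning.
func (t *Token) PublicKey() ed25519.PublicKey { return t.priv.Public().(ed25519.PublicKey) }

// Respond is step (e): sign the challenge, bound to the device that issued it.
func (t *Token) Respond(deviceID string, challenge []byte) []byte {
	return ed25519.Sign(t.priv, challengeMessage(deviceID, challenge))
}

// challengeMessage prefixes a domain separator and the device ID (assumed encoding) so a
// response captured at one field device is useless against another that trusts the same key.
func challengeMessage(deviceID string, challenge []byte) []byte {
	msg := []byte("emergency-access-v1\x00" + deviceID + "\x00")
	return append(msg, challenge...)
}

// FieldDevice holds the trusted public keys and at most one outstanding challenge.
type FieldDevice struct {
	ID      string
	trusted map[string]Authorization // raw public key bytes -> linked authorization
	pending []byte                   // outstanding challenge, nil when none
}

func NewFieldDevice(id string) *FieldDevice {
	return &FieldDevice{ID: id, trusted: make(map[string]Authorization)}
}

// Provision is steps (a) and (b): performed before any emergency, e.g. at commissioning.
func (d *FieldDevice) Provision(pub ed25519.PublicKey, auth Authorization) error {
	if len(pub) != ed25519.PublicKeySize {
		return errors.New("malformed public key")
	}
	d.trusted[string(pub)] = auth
	return nil
}

// Challenge is step (d): a fresh random nonce (claim 9), valid for exactly one response.
func (d *FieldDevice) Challenge() ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	d.pending = c
	return c, nil
}

// Verify is step (f): grant the linked authorization only if the response is a valid
// signature over the outstanding challenge by a key this device provisioned. The challenge
// is consumed whether or not verification succeeds, so a response cannot be replayed.
func (d *FieldDevice) Verify(pub ed25519.PublicKey, response []byte) (Authorization, error) {
	challenge := d.pending
	d.pending = nil
	if challenge == nil {
		return "", errors.New("no outstanding challenge")
	}
	auth, ok := d.trusted[string(pub)]
	if !ok {
		return "", errors.New("public key is not provisioned on this device")
	}
	if !ed25519.Verify(pub, challengeMessage(d.ID, challenge), response) {
		return "", errors.New("response does not verify")
	}
	return auth, nil
}

// EmergencyAccess runs steps (c) through (f) between one token and one device.
func EmergencyAccess(tok *Token, dev *FieldDevice) (Authorization, error) {
	challenge, err := dev.Challenge()
	if err != nil {
		return "", err
	}
	return dev.Verify(tok.PublicKey(), tok.Respond(dev.ID, challenge))
}

func main() {
	tok, _ := NewToken()
	dev := NewFieldDevice("FT-101") // assumed device ID
	_ = dev.Provision(tok.PublicKey(), AuthMaintenance)
	fmt.Println(EmergencyAccess(tok, dev)) // maintenance <nil>
	other, _ := NewToken()
	fmt.Println(EmergencyAccess(other, dev)) // "" public key is not provisioned on this device
}
```

Two checks matter in practice and are easy to get wrong: the device must look the presented key up in the keys it stored itself in step (b), never accept a key the token hands over during the emergency, and the challenge must be consumed after one verification so a captured response is worthless. The patent leaves the emergency override of the token's protection (claim 10) unspecified; operationally that is the break-glass step, and the claim's requirement that its use be obvious afterwards is what makes the access auditable.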
CPC classification titles:
- involving the use of external additional devices, e.g. dongles or smart cards
- Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms (network architectures or network communication protocols for using time-dependent keys in a packet data network: H04L63/068)
- Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- Protecting personal data, e.g. for financial or medical purposes
- using challenge-response